Notorious Hacker USDoD Arrested in Brazil After Years-Long Spree

During Operation “Data Breach,” Brazilian police apprehended the hacker known as USDoD, who was involved in breaches of national databases and FBI systems. The perpetrator, also operating under the alias EquationCorp, conducted high-profile cyberattacks for several years, stealing and publishing confidential information on hacker forums.

Among his most notorious attacks was the breach of the InfraGard portal, which facilitates the exchange of cyber threat intelligence between the FBI and critical U.S. organizations. In another incident, the breach of National Public Data (NPD) led to the leak of personal data and Social Security numbers of hundreds of millions of U.S. citizens. According to the police, USDoD disseminated the data of 80,000 InfraGard members on specialized websites.

For a long time, the hacker eluded law enforcement. However, the situation shifted after USDoD attacked CrowdStrike and leaked its internal threat list, drawing further attention to the cybercriminal.

Following the CrowdStrike information leak, the Brazilian publisher Techmundo received an anonymous report allegedly revealing the hacker’s identity. The document claimed that the person behind the USDoD alias was a 33-year-old Brazilian named Luan G. Shortly thereafter, the hacker himself confirmed the accuracy of this information in an interview with HackRead, adding that he resides in Brazil. He also mentioned that his identity had been known to several companies, including intel421, even before the InfraGard breach.

It is likely that the Federal Police of Brazil used this information to locate the suspect. Operation “Data Breach” culminated in the hacker’s arrest in the city of Belo Horizonte on October 16. As part of the investigation, searches were conducted, and evidence was seized, linking the suspect to the sale of Federal Police data on May 22, 2020, and February 22, 2022.